Configuring Quarantine settings

One of the actions Kaspersky Endpoint Security can perform to respond to threats detected by Kaspersky Sandbox is sending the threatening objects to Quarantine.

Quarantine is a special repository for storing files that are probably infected with viruses and files that cannot be disinfected at the time when they are detected. Files in Quarantine are stored in encrypted form and do not pose a security threat to the workstation.

Kaspersky Security Center generates a common list of objects on workstations quarantined by Kaspersky Endpoint Security. Network Agents on workstations submit information about files in Quarantine to the Administration Server.

To make sure Kaspersky Endpoint Security sends information about quarantined objects to the Kaspersky Security Center Administration Server, you must turn on this option in Quarantine settings in the Kaspersky Endpoint Security policy.

How to enable data submission to the Administration Server in Web Console

You can use the Web Console to view properties of objects in Quarantine on workstations, initiate scanning of these objects, delete objects in Quarantine, and restore objects from Quarantine.

Web Console does not copy files from Quarantine to Administration Server. All objects are kept on workstations where Kaspersky Endpoint Security is installed. Objects are restored from Quarantine also on workstations.

Quarantine is created under the same system user account on the workstation under which the threatening object was detected.

To configure Kaspersky Endpoint Security Quarantine:

1. In the main window of Web Console, go to the Devices → Policies & profiles section.
2. Click the name of the Kaspersky Endpoint Security policy.
3. Go to the Application settings tab.
4. Select the General settings section.
5. Click Reports and Storage.
6. Under Quarantine, do the following:
   1. If you want to set the maximum size of Quarantine, in the Limit the size of Quarantine to field, type the maximum size of Quarantine in MB or select it from the list.

      For example, you can limite Quarantine size to 200 MB.

   2. If you want to limit the usage of Quarantine, in the Notify when the Quarantine storage reaches field, enter the threshold value after which the application must send the corresponding notification.

      For example, you can set the threshold value of Quarantine to 50%.

      When Quarantine reaches the threshold value, Kaspersky Endpoint Security sends the corresponding event to Kaspersky Security Center and publishes the event in Windows Event Log. In the meantime, the application continues quarantining new objects.

7. Save all changes.

Quarantine is configured.

You can also manage quarantined objects (for example, restore, delete, add). Objects can be restored on a computer with Kaspersky Endpoint Security locally using the command line.

See also Getting started with Kaspersky Endpoint Security Configuring the proxy server connection Configuring the integration of Kaspersky Endpoint Security with Kaspersky Sandbox Managing stand-alone IOC scanning tasks Configuring Threat Response actions of Kaspersky Endpoint Security to respond to threats detected by Kaspersky Sandbox Configuring data synchronization with the Administration Server Monitoring the results of sending objects for scanning by Kaspersky Sandbox and running IOC scanning tasks

Page top